Advice: what after SSCP with my background?

Sscp1986

Dear infosec people,

I really want your honest unbiased advise.
My background: 7 years of helpdesk experience.
- Not very technical tasks but working in envirements as Windows 7 and windows 2003 & windows 2008 server.

- Just passed SSCP last friday.
-Have the information security foundation cert of EXIN and itil foundation v3.

Really want to begin as security analist.

But whats next?

GSEC?
CEH?
CISSP?
Network+?
ENSA from ec council?

you can also email me on webname1967@gmail.com

thank you in advance for your dear help.

Find more posts tagged with

Comments

si20

Analyst you mean

On a serious note - I strongly advise that you research what it's like to be a security analyst. I can honestly tell you it's one of the most boring, mundane jobs.... You'll pick up next to no skills and quite honestly, you'll probably regret becomming one. There is little to no career progression unless you kiss some serious ass. But back to the job itself - you'll be analysing LOTS of data....lots of it. You'll be working long shifts (alot of companies do 24 hour support, so you could be doing 12 hour days).

You'll likely come across enthusiastic analysts but when you get to know them and speak to them, you'll understand they have no clue about Windows or security. I speak to people who don't know what a buffer overflow is - they don't even know what chkdsk is. Seriously - i'm not tarring all analysts with the same brush, but you need to read around and look at people's experience before you dive in.

Most of the good analysts quickly move into another aspect of IT. It's revolving doors, which is never good. So my advice is that you do some more research. Figure out what you want. If you still like the sound of an analyst role, get applying. There are no certs you can do that'll really help you be a good analyst. The quality of an analyst depends on the analyst who trained them. If you get trained by someone who doesn't know what chkdsk is, your IT career is going to take a nose-dive.

Sscp1986

Si20,

Many thanks for your warning.
When reading your post i realised that i didnt meant analyst but someone who is monitoring a network with SIEM and NMAP.
Activities as Tuning a SIEM to reduce false positives/negatives.

diggitle

Sscp1986 wrote: »

Si20,

Many thanks for your warning.
When reading your post i realised that i didnt meant analyst but someone who is monitoring a network with SIEM and NMAP.
Activities as Tuning a SIEM to reduce false positives/negatives.

Sounds like you want to get into managed security i.e. (IDS/IPS, firewalls, incident handling, etc).... Below are some of the certifications my colleagues on the managed security team have.

Typical Managed Security Certifications and Other Credentials:

McAfee Certifications (Because the company I work for deploys McAfee products)
Network+
Security+
CCNA
GIAC Certified Firewall Analyst (GCFW)
GIAC Certified Intrusion Analyst (GCIA)
GIAC Certified Incident Handler (GCIH)
MCSE
CISSP

Hope this helps

H3||scr3am

GSEC or GISP might be good for your next step. the GISP will cover and build off of your SSCP knowledge, and will offer you an open book exam which you should pass if you're properly prepared. and it's a stepping stone towards the CISSP which you could work towards after.

GSEC is like security+ on steroids from what I've heard.

Overall, if you're paying out of pocket for these then it may not be worth it to pursue the GIAC certification path, as the courses are expensive and the exam challenges without the course are a grand each, and there are limited resources available outside of the SANS courses. (Although there are some great writeups to be found here in the forums)

Network+ and Security+ might be good certs to pursue to review and build on the knowledge you already have, and then you could look to pursue other certs like the GSEC.

If you've been working with Microsoft environments perhaps that would be a path to take, getting certified in Microsoft for the Operating systems you're familiar with.

Sscp1986

Diggitle and H3 many thank for your in depth explainations and context.

Very special guys!

Remedymp

You should also pay attention to job posting description of a junior security analyst:

Responsibilities:The position requires a higher degree of technical ability and skills, that relate directly to the operation, maintenance, and troubleshooting of specialized security related infrastructure. Examples of such infrastructure are the RSA DLP (Data Loss Prevention), SEIM (Security Event Information Management), IPS (Intrusion Prevention), WAF's (Web Application Firewalls). The position also requires a higher level of specific experience and formal structured training to be effective.

Due to sensitive nature of the data being analyzed and administered this person must exhibit distinct discretion. However, a self-assured manner and authority is also necessary when interacting with management in non-Operations areas.

Day to day administration of security infrastructure including:

Operations of the Security systems, including maintenance, configuration, issue remediation, audit and troubleshooting

Administer Data Privacy Committee Sharepoint portal Administering RSA DLP and SEIM software and Hardware

Analysis, categorizing and reporting the DLP results, including informing the DLP gate-keepers within Legal, HR and ACS of any suspicious activity

Development and administration of correlated customized real-time security alerts

Education of sensitive information owners of their data protection responsibilities and data encryption techniques

Enforcement of data encryption automation

Staying current with US and global Data Privacy Laws Development and administration of metrics reporting to the Data Privacy Committee

Qualifications:

Excellent verbal and written communications skills

Advanced knowledge of Microsoft Office suite, and Lotus Notes

Advanced knowledge of TCP/IP networks, routing, protocols, and topology

Excellent Internet troubleshooting skills

Good working knowledge of Windows & Linux Operating systems, and Database technologies

Project Management involvement required to understand project scheduling and criticality of tasks and prioritization

Excellent customer service, and troubleshooting skills

Highly analytical with structured approach experience

Excellent problem detection and resolution skills

Detail oriented, self starter

Having some form of Unix certification or understanding of Linux administration can help tremendously.

RHCSA and a Network+ (N10-005) would be beneficial.

Sscp1986

thank you for your great help